cvebase

IDAttend Pty Ltd IDWeb vulnerabilities

30 known vulnerabilities affecting idattend_pty_ltd/idweb.

Total CVEs: 30
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 12, HIGH 13, MEDIUM 5

Vulnerabilities

Page 1 of 2
CVE-2023-26568 | P2 | CRITICAL | CVSS 9.1 | ≤ 3.1.052 | 2023-10-25
CWE-89: Unauthenticated SQL injection in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
Source: NVD
CVE-2023-27262 | P2 | CRITICAL | CVSS 9.1 | ≤ 3.1.052 | 2023-10-25
CWE-89: Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
Source: NVD
CVE-2023-27255 | P2 | CRITICAL | CVSS 9.1 | ≥ 9, ≤ 3.1.052 | 2023-10-25
CWE-89: Unauthenticated SQL injection in the DeleteRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
Source: NVD
CVE-2023-27254 | P2 | CRITICAL | CVSS 9.1 | ≤ 3.1.052 | 2023-10-25
CWE-89: Unauthenticated SQL injection in the GetRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
Source: NVD
CVE-2023-26569 | P2 | CRITICAL | CVSS 9.1 | ≤ 3.1.052 | 2023-10-25
CWE-89: Unauthenticated SQL injection in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
Source: NVD
CVE-2023-26572 | P2 | CRITICAL | CVSS 9.1 | ≤ 3.1.052 | 2023-10-25
CWE-89: Unauthenticated SQL injection in the GetExcursionList method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
Source: NVD
CVE-2023-26578 | P2 | HIGH | CVSS 8.8 | ≤ 3.1.052 | 2023-10-25
CWE-22: Arbitrary file upload to web root in IDAttend’s IDWeb application 3.1.013 allows authenticated attackers to upload dangerous files to web root such as ASP or ASPX, gaining command execution on the affected server.
Source: NVD
CVE-2023-26584 | P2 | CRITICAL | CVSS 9.1 | ≤ 3.1.052 | 2023-10-25
CWE-89: Unauthenticated SQL injection in the GetStudentInconsistencies method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
Source: NVD
CVE-2023-26582 | P2 | CRITICAL | CVSS 9.1 | ≤ 3.1.052 | 2023-10-25
CWE-89: Unauthenticated SQL injection in the GetExcursionDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
Source: NVD
CVE-2023-26581 | P2 | CRITICAL | CVSS 9.1 | ≤ 3.1.052 | 2023-10-25
CWE-89: Unauthenticated SQL injection in the GetVisitors method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
Source: NVD
CVE-2023-27260 | P2 | CRITICAL | CVSS 9.1 | ≤ 3.1.052 | 2023-10-25
CWE-89: Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
Source: NVD
CVE-2023-26583 | P2 | CRITICAL | CVSS 9.1 | ≤ 3.1.052 | 2023-10-25
CWE-89: Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
Source: NVD
CVE-2023-26573 | P3 | CRITICAL | CVSS 9.1 | ≤ 3.1.052 | 2023-10-25
CWE-306: Missing authentication in the SetDB method in IDAttend’s IDWeb application 3.1.052 and earlier allows denial of service or theft of database login credentials.
Source: NVD
CVE-2023-27257 | P3 | HIGH | CVSS 7.5 | ≤ 3.1.052 | 2023-10-25
CWE-306: Missing authentication in the GetActiveToiletPasses method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student information by unauthenticated attackers.
Source: NVD
CVE-2023-26580 | P3 | HIGH | CVSS 7.5 | ≤ 3.1.052 | 2023-10-25
CWE-306: Unauthenticated arbitrary file read in IDAttend’s IDWeb application 3.1.013 allows the retrieval of any file present on the web server by unauthenticated attackers.
Source: NVD
CVE-2023-27258 | P3 | HIGH | CVSS 7.5 | ≤ 3.1.052 | 2023-10-25
CWE-306: Missing authentication in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student and teacher data by unauthenticated attackers.
Source: NVD
CVE-2023-26571 | P3 | HIGH | CVSS 7.5 | ≤ 3.1.052 | 2023-10-25
CWE-306: Missing authentication in the SetStudentNotes method in IDAttend’s IDWeb application 3.1.052 and earlier allows modification of student data by unauthenticated attackers.
Source: NVD
CVE-2023-26575 | P3 | HIGH | CVSS 7.5 | ≤ 3.1.052 | 2023-10-25
CWE-306: Missing authentication in the SearchStudentsStaff method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers.
Source: NVD
CVE-2023-27376 | P3 | HIGH | CVSS 7.5 | ≤ 3.1.052 | 2023-10-25
CWE-306: Missing authentication in the StudentPopupDetails_StudentDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
Source: NVD
CVE-2023-26570 | P3 | HIGH | CVSS 7.5 | ≤ 3.1.052 | 2023-10-25
CWE-306: Missing authentication in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
Source: NVD